InContatto Srl, with its legal headquarter in Viale dell’Oceano Atlantico 18 – 00144 Roma, VAT # 12443641001, holder of the treatment, (here called “Holder” or “Company”), as established by the current legislation (art. 13 General Data Protection Regulation, hereinafter also), provides users who visit the website www.incontatto.it (hereinafter also referred to as the “website”) with information relating to the processing of the acquired data
WHO IS THE HOLDER AND HOW TO CONTACT HIM
The Data Controller is InContatto Srl, with registered office in Viale dell’Oceano Atlantico 18 – 00144 Roma, VAT # 12443641001. The Company can be reached via the email address at email@example.com
WHICH ONES ARE THE PROCESSED DATA?
The processed data are navigation data and data provided spontaneously by the user. Data provided directly by the user.This category includes all personal data provided by the user on an optional basis (so, for example, when requesting information by calling the numbers indicated on the website or by writing to the e-mail addresses listed on the site). In the event in which the user decides to contact the Data Controller through the appropriate forms on the site, he/she will be able to know in detail the information on the processing of the requested data by accessing the specific information contained in the pages of interest.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.This is information that could, through processing and association with data held by third parties, allow users to be identified.This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment. WHAT ARE THE PURPOSES AND LEGAL BASES OF THE TREATMENT? Data provided directly by the user: Purposes and legal foundationThe personal data provided by the user optionally by contacting the owner are used only to process any requests made.The legal bases for the processing of such data are therefore: The execution of pre-contractual measures.The user can provide his data through the forms present on the site, in the areas dedicated to certain services, where specific information is given, which the user must view before providing the data, in which all are indicated in detail information on the processing of the same, including the purposes and legal bases.
Navigation data: Purposes and legal foundation
WHO CAN KNOW THE DATA?
The data may also be known by the IT companies of which the owner uses for the hosting service and for the assistance and maintenance services of the systems used and by the consultants for the management of the dispute and for legal assistance in the event of any disputes. for which their involvement was necessary. The data may also be known by the competent authorities in the event of specific requests which the owner is required, by law, to follow up.
It should be noted that some of the subjects indicated operate as data processors and that the communication to those who operate as autonomous controllers is carried out because it is prescribed by law or necessary to fulfill the obligations deriving from the contractual relationship or to the legitimate interest of the consistent controller. in maintaining the security of IT systems and in carrying out defensive activities through legal consultants.
The interested party may request from the Data Controller the list of external parties who carry out their activities as data processors.
The communication is however limited only to the categories of data whose transmission is necessary for the performance of the activities and purposes pursued.
HOW ARE DATA MANAGED?
The data collected are processed with IT tools and only in a residual way with paper methods.
For the processing of data connected to the website services, the Data Controller uses servers located within the European territory and computer systems located at the headquarters of the owner. Adequate security measures are adopted to prevent data loss, illicit or incorrect use and unauthorized access.The use of some services offered by the owner, to which the user can subscribe through specific forms on the site (as in the case of the newsletter), involve a transfer of data abroad; all specifications are given in the specific information dedicated to the requested service. However, it should be noted as of now that the owner first assesses whether the supplier he intends to use offers the necessary guarantees required for the transfer of data abroad.
The data provided directly by the interested party are kept for the time strictly necessary to process the requests and then deleted, without prejudice to defensive needs (which may require further storage).
The navigation data of users who access the site are acquired and processed directly by the hosting provider without the Company having access to them.
PROVISION OF DATA
With the exception of the navigation data necessary to implement the IT and telematic protocols, the provision of data by users through the various methods made available is free and optional. However, failure to provide the data will make it impossible to respond to the requests made and use the services of interest. WHAT ARE THE RIGHTS OF THE INTERESTED PARTY?
The law recognizes the right of the data subject to ask the data controller to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability.
The interested party may assert his rights at any time, without formalities, by contacting the data controller, through the email address firstname.lastname@example.org
The rights recognized by the current legislation on the protection of personal data are detailed below.
The right of access, i.e., the right to obtain from the data controller confirmation that personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information: a)the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients of third countries or international organizations; d)when possible, the retention period of the personal data envisaged or, if not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment; f)the right to lodge a complaint with a supervisory authority; g) if the data are not collected from the data subject, all available information on their origin; h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject. If personal data are transferred to a third country or to an international organization, the interested party then has the right to be informed of the existence of adequate guarantees relating to the transfer.
The right to cancellation, i.e., the right to obtain from the data controller the cancellation of personal data concerning him without undue delay if: a) the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b)the interested party revokes the consent on which the processing is based and if there is no other legal basis for the processing; c) the interested party opposes the processing carried out because it is necessary for the execution of a task of public interest or connected to the exercise of public authority of which the owner is invested or for the pursuit of legitimate interest and there is no legitimate overriding reason to proceed with the processing, or oppose the processing for direct marketing purposes; d)the personal data have been unlawfully processed; e) personal data must be deleted to fulfill a legal obligation under the law of the Union or of the Member State to which the data controller is subject; f)the personal data was collected in relation to the offer of information society services to minors. However, the request for cancellation cannot be accepted if the processing is necessary: a)for the exercise of the right to freedom of expression and information; b) for the fulfillment of a legal obligation that requires the processing provided for by the law of the Union or of the Member State to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of public authority of which the data controller is invested; c)for reasons of public interest in the public health sector; d) for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, to the extent that the cancellation risks making it impossible or seriously jeopardizing the achievement of the objectives of such processing; or e) for the establishment, exercise or defense of a right in court.
a)the data subject disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is unlawful and the interested party opposes the deletion of personal data and instead requests that its use be limited;c)although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to ascertain, exercise or defend a right in court; d)the interested party objected to the processing carried out because it is necessary for the execution of a task of public interest or connected to the exercise of public authority vested in the owner or for the pursuit of the legitimate interest of the data controller or third parties, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.